Criptext is a free encrypted email service with open source apps for Windows, Linux, macOS, Android and iOS
Criptext is a free encrypted email service for Windows, Linux, macOS, Android and iOS. It has been around for a while, but I thought it may be worth looking into.
Before we get started, allow me to say that this article isn't about Criptext vs Protonmail, so we're not going to discuss which one's better. It's about what Criptext has to offer.
The applications for Criptext are open-source, but the servers are not. Then again neither is Protonmail's. (Okay, I know I just said I won't compare the two, but this is the only time I do it in the article).
Signal Protocol
There is something you should know about Criptext. It is not cloud-based like Gmail or Outlook; Criptext emails are not stored on servers permanently, they are only stored on your device using end-to-end encryption. It uses the Signal Protocol for this.
How does this work? According to the official documentation, Criptext passes the mail through their server for a moment and it's deleted once the mail is delivered. The only exception to this is when the message is un-deliverable; say when the recipient's device is offline. The email is stored on the server until it is delivered in this case. If it isn't delivered within 30 days, it's deleted from the server as well.
Encrypted mails
Criptext says that every email is encrypted with a unique key. Attachments are encrypted as well; they are stored on Criptext's Amazon Web Services servers though the encryption keys for those are saved on user devices.
The important thing to note here is that the service only encrypts mails sent by one Criptext user to another. So, if you use it to send mails to other services (Gmail, Outlook, etc), those will not be encrypted.
Tip: You can tell whether an email is encrypted or not, by looking for the padlock icon. If it has one, it's encrypted.
How to sign up for Criptext
You need to install the desktop program or the mobile app and use it to sign up. Once you do, the application begins creating the encryption/decryption keys for your account on your device.
Note: While signing up for an account, you can optionally enter a recovery email address. This is only required to reset the password of your account.
Testing the sign in process
Since the account credentials part is not cloud based, I wanted to see how I could sign in to an existing account on a new device. So, I disabled the internet on my laptop and tried to sign in to the same account on my phone. The mobile app prompted me to use the desktop client to approve the sign in, but it did offer an option to sign in with my password. Because I was testing the service, I used the desktop app's approval method to sign in. And it synced the account to my phone. This was unusual, but works fine.
Warning: Using a password to sign in will not sync the existing mailbox (from another device) to the new device. That's because the decryption keys for the older mails are stored on the other device.
Criptext's Special Features
Syncing the mailbox
Criptext syncs the mailbox between devices, so if you send an email from your phone, it will sync it to your desktop program's sent folder (and vice-versa). Incoming emails are delivered to all devices. You can use it to sync up to 10 devices. Attachments have a 25MB size-limit, but there are no limits for the number of attachments.
Unsend an email
You can unsend an email that you sent to a contact; you have up to 60 minutes for this. While I like the Unsend mail feature, I feel having a one-hour limit is a bit much. Also, this works only if the email has not been read already.
Email Tracking à la Read Receipts
Read receipts are supported in Criptext, i.e., you can tell when the recipient has opened your mail.
Frankly, I'm not a fan of this. The recipient deserves a bit of privacy too, fortunately you can turn off "Read Receipts" from the Settings. Doing so will also disable read receipts for mails that you send to others. I initially thought the mail service uses a header or something for this, but I'm quite certain that this feature is available because Criptext uses the Signal Protocol (which is intended for instant messaging).
Backup
You can backup your mailbox locally on the device or store it in the cloud manually. The backup is encrypted with a passphrase that you specify.
Two-factor authentication
Enabling this will require you to enter the password on your next sign-in, and approve it from a device that you're already signed in to.
For more information, you should read the official FAQ and Privacy Policy.
The reason I haven't reviewed the desktop mail client is because it's nothing special, it looks and functions like your average mail client.
Closing Words
On paper the service looks great; it's nice to have such privacy friendly platforms. But with all that being said, I don't think Criptext is for casual users. Why? Well, it can't encrypt mails that you send to mail addresses belonging to other services. The privacy/security that encryption provides are its primary feature. So, unless you manage to convince people to shift to Criptext, you're probably not going to be using it every day. And that's not going to be easy as people will opt for convenience over privacy, which is a sad story in itself.
how to use vuze to install in a terminal decrypted 3rd party thank u even outlook thanks
Desktop is under attack. It is invaded by Electron. Electron is cancer for the desktop. Electron programs are bulky, bloated, heavy, sluggish and ugly, they are not native and not portable. Who uses Electron trash contributes to the fall of desktop software.
Legions of incompetent coders who have no idea of real programming pile up layer upon layer of junk and call themselves developers.
Big corporations no longer want to invest in good programmers so Electron “framework” is the obvious choice- it is cheap to hire incompetent developers and as a result desktop is quickly becoming Electron junk-yard.
The problem is that the sheeple accept the Electron trash. The average Joe’s favourite argument- “Well, it works”. How it works does not matter for the dullard. The more idiots accept Electron the gloomier is the future of software.
Clearly not everyone is following this trend: Brave switched away from Electron/Muon/whatever when it became clear that it was ridiculously sluggish.
“But with all that being said, I don’t think Criptext isn’t for casual users.”
Do you really mean “isn’t”, or it should read “is”?
Right, thanks for spotting his. I corrected it.
The download and delete function is available from any standard email server using IMAP.
Doesn’t being OSS mean that wrongdoers will read the code and find ways to exploit it?
When there is one company where the American security services (Like NSC) have a backdoor that its Amazon.
The American National Security Council (NSC), which advises President Trump, has been working in recent months, to curb heavy encryption.
Jeff Bezos, number two on the forbes list with about $130 billion, fires his employees at midnight and then leaves them in the cold for 6 hours, before the first bus arrives.
But there is much more to report about Jeff Bezos:
The U.S. stock market watchdog SEC is investigating a stock transaction of Jeff Bezos, because he sold shares after accessing a critical analyst’s report that was about to appear, according to The New York Times.
And there is more much more. Not a company to trust with your encryption keys.
Private encryption keys are only stored on your device. You can check the apps which are open source and see that only your public keys are sent to the cloud so no need to worry about your messages being compromised (they won’t be) when communicating with Signal Protocol
The NSC is made up of the directors of US intel agencies and the military. It isn’t separate from the US government. So what you can simply say is that the US government is attempting to sabotage encryption standards, and the US government has put backdoors in numerous services and products in cooperation with US corporations.
It isn’t only the US government, the entire Five Eyes alliance, China, and Russia, and some members of the EU are behind the anti-encryption fearmongering and disinformation. They want the ability to spy on everyone. We need global legislation to protect privacy and human rights, no single government today is trustworthy.
The reviewer does not mention that this Criptext is just another JavaScript/Electron monstrosity.
“Just another JavaScript/Electron monstrosity.”
Arguments, please ?
(Full disclosure : I’m a member of the anti-Electronophobia brigade. You have commited a heinous hate-crime against Electron. Your IP address has been registered, and the Electron police will soon be banging on your door.)